Defense Center, as I wrote in my previous article (Defense Center), is a new rogue antispyware program. It is a malicious program from the same family of malware as Protection Center, Data Protection, etc.
Defense Center is designed with one purpose: to scare you into thinking that your computer is in danger, as a method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your computer as soon as possible. Use the removal guide below to remove Defense Center from your computer for free.
Use the following instructions to remove Defense Center (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Click Start, Run. Type command and press Enter. The command console (a “black window”) opens. Type notepad and press Enter. Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad). Double-click fix.reg and click YES to confirm.
If you can't create fix.reg, then download fix.zip from here and unzip it. Double-click fix.reg and click YES to confirm.
Step 2. Remove core components of Defense Center
Please download OTM by OldTimer from here and save it to your desktop.
Run OTM. Copy, then paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Defense Center"=-
:files
C:\Program Files\Defense Center
Click the red Moveit! button. Once finished, close OTM.
Step 3. Remove TDSS trojan-rootkit
Download TDSSKiller from here and unzip to your desktop.
Open the TDSSKiller folder. Right-click tdsskiller and select Rename. Type a new name (123myapp, for example). Press Enter. Double-click the TDSSKiller icon to start scanning the Windows registry for the TDSS trojan.
If it is found, TDSSKiller will prompt you to press “Y”. Type Y and press Enter. Your computer will be rebooted.
Step 4. Remove Defense Center associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu.
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Defense Center infection. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear saying that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items.
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove Defense Center. MalwareBytes Anti-malware will now remove all associated Defense Center files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won't install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
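Before double-clicking a .reg file taken from any guide, it is worth listing what it will change. The following is an added example, not part of the original guide: a small Python parser run over the fix.reg text from Step 1, reporting each key deletion ([-Key]), value deletion (name=-, the notation also seen in Step 2) and value set. The names FIX_REG, unquote and parse_reg are made up for this example.

```python
import re
# Contents of fix.reg exactly as given in Step 1 of this guide.
FIX_REG = r'''Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
'''

# A value line is @=... (default value) or "name"=...; names may hold escaped quotes.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def unquote(s):
    # Strip surrounding quotes and undo backslash escapes; hex:/dword: data is returned as-is.
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        return re.sub(r'\\(.)', r'\1', s[1:-1])
    return s

def parse_reg(text):
    """Return (action, key, value_name, data) tuples in file order."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("Windows Registry Editor Version"):
        raise ValueError("missing .reg header")
    ops, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):               # [-Key] deletes the key and its subtree
                ops.append(("delete_key", key[1:], None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:                  # value line with no open key, or junk
            raise ValueError(f"unexpected line: {raw!r}")
        name = "(Default)" if m.group(1) == "@" else unquote(m.group(1))
        data = m.group(2).strip()
        ops.append(("delete_value", key, name, None) if data == "-"
                   else ("set_value", key, name, unquote(data)))
    return ops

if __name__ == "__main__":
    for op in parse_reg(FIX_REG):
        print(op)
```

The output shows that the file removes the per-user .exe and secfile overrides and restores the default open command for executables to "%1" %*, which is the whole of the Step 1 repair.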
Defense Center creates the following files and folders
C:\Program Files\Defense Center
%UserProfile%\Start Menu\Programs\Defense Center
C:\Program Files\Defense Center\defhook.dll
C:\Program Files\Defense Center\defcnt.exe
C:\Program Files\Defense Center\about.ico
C:\Program Files\Defense Center\activate.ico
C:\Program Files\Defense Center\buy.ico
C:\Program Files\Defense Center\help.ico
C:\Program Files\Defense Center\scan.ico
C:\Program Files\Defense Center\settings.ico
C:\Program Files\Defense Center\splash.mp3
C:\Program Files\Defense Center\uninstall.exe
C:\Program Files\Defense Center\update.ico
C:\Program Files\Defense Center\def.db
C:\Program Files\Defense Center\defext.dll
C:\Program Files\Defense Center\virus.mp3
%UserProfile%\Start Menu\Programs\Defense Center\About.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Activate.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Buy.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Scan.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Settings.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Update.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center Support.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Defense Center.lnk
%UserProfile%\Desktop\Defense Center Support.lnk
%UserProfile%\Desktop\Defense Center.lnk
Defense Center creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Defense Center
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Click Start, Run.
Type wbemtest and press Enter.
Windows Management Instrumentation Tester opens.
Click the Connect… button.
Type root\SecurityCenter and press Enter.
Click the Query button.
Type SELECT * FROM AntiVirusProduct and click on Apply button.
If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product.
Identify the product(s) installed and DELETE any records for an Antivirus software (or rogue security program) that is no longer installed.
I have the same problem as emmanuel. I have followed all the steps listed above (as well as Patrik’s response) and I still have no access to the internet. No messages from Defense Center are popping up anymore but my internet is still down.
David, what does your browser show when you try to open any site?
Couldn’t you have made it a little more complicated???
Can’t believe I have to go thru all this crap to remove this program.
Must be an easier way.
lmaccartu, there is an easy way 🙂
Complete steps 1 and 3 only.
i'm able to do steps 1 and 2
but when i get to step 3, i can download tdsskiller,
but i can't unzip it or extract all. when I do that, it says invalid or corrupted zip file.
what should i do???!
kadija, try to redownload tdsskiller, but before saving rename it to something like 123.zip. Try to extract it.
thanks patrik,
renaming it made it open, but no threats were found when i scanned. i ran the malware as well, no threats found.
but when i open internet a yellow banner comes and says “protect your system with windows defence” .. i guess the rogue is still there.
do these 4 steps have to be done in a continuous way? ..cuz i did steps 1 and 2 yesterday.. 3 and 4 today.
kadija, start a new topic in our Spyware removal forum. I will help you.